CVE-2009-2521

CVE Database · CVE-2009-2521

CVE-2009-2521

· N/AModified

CVSS v3.1

N/A

EPSS

82.27%

Published

Sep 4, 2009

Modified

Apr 22, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBMicrosoft IIS 5.0/6.0 FTP Server - Stack Exhaustion Denial of Service Exploit-DBMicrosoft IIS 7.0 FTP Server - Stack Exhaustion Denial of Service (MS09-053) (Metasploit)

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."

Weaknesses (CWE)

CWE-400

Affected Products (1)

microsoft · internet_information_servicesvulnerable

References (10)

http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html

Broken Link

http://support.microsoft.com/default.aspx?scid=kb%3B%5BLN%5D%3BQ975191

http://www.us-cert.gov/cas/techalerts/TA09-286A.html

Third Party AdvisoryUS Government Resource

https://docs.microsoft.com/en-us/security-updates/securitybulletins/2009/ms09-053

PatchVendor Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6508

Third Party Advisory

http://archives.neohapsis.com/archives/fulldisclosure/2009-09/0040.html

Broken Link

KEV Catalog EPSS Scores Vendors All CVEs